diff options
Diffstat (limited to 'src/saml2/cryptography/pki.py')
-rw-r--r-- | src/saml2/cryptography/pki.py | 43 |
1 files changed, 41 insertions, 2 deletions
diff --git a/src/saml2/cryptography/pki.py b/src/saml2/cryptography/pki.py index 8c59fdaf..0aa6d2b8 100644 --- a/src/saml2/cryptography/pki.py +++ b/src/saml2/cryptography/pki.py @@ -1,9 +1,48 @@ """This module provides methods for PKI operations.""" -import cryptography.hazmat.backends as _backends +from logging import getLogger as get_logger + import cryptography.x509 as _x509 +from cryptography.hazmat.primitives.serialization import Encoding as _cryptography_encoding + + +logger = get_logger(__name__) + +DEFAULT_CERT_TYPE = "pem" def load_pem_x509_certificate(data): """Load X.509 PEM certificate.""" - return _x509.load_pem_x509_certificate(data, _backends.default_backend()) + return _x509.load_pem_x509_certificate(data) + + +def load_der_x509_certificate(data): + """Load X.509 DER certificate.""" + return _x509.load_der_x509_certificate(data) + + +def load_x509_certificate(data, cert_type="pem"): + cert_reader = _x509_loaders.get(cert_type) + + if not cert_reader: + cert_reader = _x509_loaders.get("pem") + context = { + "message": "Unknown cert_type, falling back to default", + "cert_type": cert_type, + "default": DEFAULT_CERT_TYPE, + } + logger.warning(context) + + cert = cert_reader(data) + return cert + + +def get_public_bytes_from_cert(cert): + data = cert.public_bytes(_cryptography_encoding.PEM).decode() + return data + + +_x509_loaders = { + "pem": load_pem_x509_certificate, + "der": load_der_x509_certificate, +} |